Arbor Networks reports record-breaking 1.7Tbps DDoS attack

Share

Written by

The record for the largest recorded denial of service attack appears to have been broken less than a week after it was set.

Arbor Networks reported on Monday in a blog post that a 1.7 -terabit-per-second attack took place targeting the customer of a U.S. based internet service provider. Arbor Networks did not specify the victim beyond that description, but said that the ISP had proper defenses in place and that no outages were reported.

“It’s a testament to the defense capabilities that this Service Provider had in place to defend against an attack of this nature that no outages were reported because of this,” the company wrote.

The attack used the same technique that was used in the 1.35Tbps attack on GitHub on Feb. 28, Arbor Networks said. In both cases, attackers used memcached servers to amplify the requests they were sending to their targets.

Arbor Networks says more large attacks using the memcached tactic should be expected as long as there is an open supply of memchached servers to be exploited. Memcached servers are systems that cache data in order to speed up networks and websites.

“While the internet community is coming together to shut down access to the many open mecached [sic] servers out there, the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit,” Arbor Networks writes. “Until the internet community is able to adjust and make significant progress on memcached servers, we should expect terabit attacks to continue.”

Both Akamai (the company that protected GitHub during its attack) and Cloudflare (another company that reported the technique the day before the GitHub attack), have also predicted more large scale attacks in the near future.